Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update xml-encryption to get rid of vulnerable node-forge #667

merged 1 commit into from Jan 19, 2022


Copy link

@forty forty commented Jan 19, 2022

This update actually /remove/ node forge to use native nodejs crypto instead. This is nice as node-forge is a fairly large module.

The major version bump in xml-encryption is because this update remove support for node < 12 (which are already not supported by passport-saml)

This PR is on the 3.x branch.

Copy link

@forty Thanks for the details. Merging.

@markstos markstos merged commit b9de63b into node-saml:3.x Jan 19, 2022
@cjbarth cjbarth added the dependencies Pull requests that update a dependency file label Jun 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
dependencies Pull requests that update a dependency file
None yet

Successfully merging this pull request may close these issues.

None yet

3 participants